Microsoft explains working of Flame Malware

Few days back we provided you details about Security advisory and patch issued by Microsoft for unauthorized digital certificate loophole caused by Flame malware. Microsoft has made some more detail public about the working of the malware.

Kaspersky has also analysed the malware and has termed it to be the largest and most complex attach toolkit to date and believes that it may be handy work of some countries.

Flame malware was able to disguise itself as genuine software digitally signed by Microsoft, that is why it was able to avoid detection by security experts and Anti-virus firms. Code Writers of Flame Malware cracked the method which is used by microsoft to differentiate between Windows Version including windows xp, 2003 and earlier version this was done simply by using the spoofed digital certificate and for Windows Vista and above version they used a file with MD5 Checksum collision.

Microsoft has stated that it will be hardening the Windows Update infrastructure in coming months.  It appears that the Windows Update client will gain its own certificates infrastructure and perform additional verification of the certificate itself to ensure that all required fields are present, rather than trusting the integrity of the digital signature itself.

You are recommended to apply patch for flame malware as soon as possible.

1 thought on “Microsoft explains working of Flame Malware”

  1. Hi gud morn, i have a pblm regarding winogon.exe malware .. it spreads through network can u give me some solution.


Leave a Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.